Hi all, I’m looking to upgrade my router from the default one that came from my ISP.
I don’t need anything super fancy, just something with 4+ lan ports (1gbps is ok, 2.5gbps would be nicer), 1 WAN Port, Wifi-6 (802.11ax), and the ability to have an isolated IoT network (using a vlan for this would be nice).
Any suggestions? I’d like to keep the price down if possible. This is just for my home network.
You’re in selfhosted, so most people here are going to suggest you self host something like pfsense or opnsense, which would give you everything you need, but you know being self hosted you’re going to have a steep learning curve.
Otherwise go pick up any router at best buy, they’re all assorted levels of garbage.
I’d say both opn/pf sense are fairly easy to get started with. Now for something small I’d suggest openwrt.
For a full setup you can’t beat xxsense as firewall and router and stand alone AP’s for WiFi.
And the prosumer approach they take to networking features. OSPF and UPnP in the same software? I’ll never turn to anything else.
I would actually suggest buying one of Netgate’s prebuilt routers. They’re pricey, but it brings the peace of mind knowing that device is handling it exclusively, and with appropriate hardware. It doesn’t come with a Switch or AP though.
I use OPNsense on a reasonably cheap mini-PC with 6 ethernet ports that I bought from AliExpress. You can do a lot with OPNsense. For wifi I could have added a wireless card, but to avoid any potential driver issues instead I just plug in a wireless router set to Access Point mode.
How much this kind of setup costs depends on what kind of hardware you buy. If you stick to the minimum spec for OPNsense and buy a cheap wifi card or a used wifi router from eBay, you won’t need to spend too much.
OPNsense for the win! It’s so powerful, I love it.
Have you ever used PFSense? How do you find it compares to Opnsense, and - for anyone with experience - how hard would it be to migrate from one to the other these days?
I haven’t used PFSense, I’m afraid. There’s a fairly recent comparison here:
https://homenetworkguy.com/review/detailed-comparison-between-opnsense-and-pfsense/
I use an Asus 86RU running Asus-Merlin. It ticks all of your boxes.
Same exact setup here. Love it so far and extremely stable.
MikroTik hAP ax3 seems to fit the requirements and is what I’m currently running. They add their enterprise features into the “consumer” packages, allowing you to set up VLANs, meshes, etc
I’m surprised more people in the selfhosting community aren’t recommending Mikrotik.
Their cheapest routers have all the same software features as their enterprise gear. They’re also one of the only companies who makes most of their routers and switches capable of being powered with POE in and redundant DC power.
All of their newer ARM based routers support running docker containers natively on the routers extra features. You can run PiHole/AdGuard, nginx, tailscale, etc. directly on your routers hardware.
I’ve been running a hexS for 3 years without any issues. I run multiple VLANs and wireguard directly on it, and it has an SFP port that I can use for an ONT module to get a fiber connection directly to my router from my ISP. I think it cost me $60 when I bought it.
Mikrotik are the best.
Recently installed a P2P link 60GHz with 5GHz backup for a customer, it can push 1000Mbps easily and only cost €150.
Did not know that about PiHole/Adguard but will definitely look into that.
I’m waiting for the L009UiGS-RM to be back in stock so I can try that out.
I have a TP Link Archer C7 that has been working great for me.
I have the same, but just as another data point: mine regularly locks up and needs to be reset… Maybe made worse by big data transfers. Are you running stock firmware or OpenWRT or something?
Stock firmware 1.2.1. I set it to reboot every week and haven’t had any issues with it.
Ah, maybe I need to do the auto reboot too. Thanks.
Check out Firewalla Gold. I think it would meet all of your requirements.
How much wifi and open-source do you really want?
If you are willing to go with commercial hardware + open source firmware (OpenWRT) you might want to check the table of hardware of OpenWrt at https://openwrt.org/toh/views/toh_available_16128_ax-wifi and https://openwrt.org/toh/views/toh_available_864_ac-wifi. One solid pick for the future might be the Netgear WAX2* line. One of those models is now fully supported the others are on the way. If you don’t mind having older wifi a Netgear R7800 is solid.
If you want full open-source hardware and software you need a more exotic brand like this https://www.banana-pi.org/en/bananapi-router/.
Both solutions will lead to OpenWRT when it comes to software, it is better than any commercial firmware but there’s a catch about open-source wifi. The best performing wifi chips are Broadcom and those don’t usually see open-source software support**. MediaTek is the open-source alternative and while they work fine they can’t, unfortunately, beat Broadcom. As most hardware is Broadcom they have hacks that go behind the published wifi standards and get it go a few megabytes/second faster and/or improve the range a bit.
** DD-WRT is another “open-source” firmware that has a specific agreement with Broadcom to allow them to use their proprietary drivers and distribute them as blob with their firmware. While it works don’t expect compatibility with newer hardware nor a bug free solution like OpenWRT is.
Furthermore depending on your ISP you might be able to simply add a small ARM box attached to it and use ir for DHCP, VPN, DNS resolver etc. and you could still use the ISP router as gateway / firewall / switch / wifi.
All of the suggestions here are strong.
I don’t know what electricity costs in your region, but I consider that as part of my decisions. You can soon spend more on power than the device costs.
A router will be on 24/7 with a fairly consistent load (sure there’s peaks, more in the day, etc…)
Personally, I’d recommend you try a few different options - an old x86 PC is terrible for power, but great to try out pfSense / OPNSense / DD-Wrt / OpenWrt / Tomato first… then from that pick your real hardware.
Personally, I’ve tried a few things over the years and the *WRTs in a single re-imaged old wifi-router is probably everyone’s Step 1.
If you want new, low power, etc - have a look at this for inspiration: https://www.youtube.com/watch?v=bM6Ivy_KLR4
Here is an alternative Piped link(s): https://piped.video/watch?v=bM6Ivy_KLR4
Piped is a privacy-respecting open-source alternative frontend to YouTube.
I’m open-source, check me out at GitHub.
I had a Netgear nighthawk r7800 with ddwrt, which finally crapped out. I went with the TP-link Deco Mesh router as a replacement, and so far it’s working better than the ddwrt router. There are versions with Wi-Fi 6, but i went with the “3 stations for ~$120” and haven’t had any problems with speed, since tht bottlenecks are usually external/cable modem related anyway.
My biggest selling point for the tp-link, it’s much easier to set a local dns, with a fallback to 1.1.1.1, something i could never get to work on ddwrt. So whenever my Jellyfin transcodes bring the Pihole to a screeching halt, it will at least fallback to external dns and not take the whole network with it.
I can also have a base module Ethernet connected to my pc in the office, another hooked up to the cable modem and zimaboard in the livingroom, and eventually, a raspi with a couple of low resource containers (pihole, home assistant, nginx). My goal is to hardwire as many things as i can for speed/signal noise purposes.
I had very similar wishes, but settled on a Velica (GL-B2200). It comes with OpenWRT out of the box, and can be flashed to the newest version. It has great WiFi coverage, which is nicer than top speed imho. Downside is only 1 wan and 1 lan, but with a VLAN and a separate switch it might be ok for you.
FYI the glinet routers come with a version of openwrt that contains unknown closed-source components. That said they have nicer, easier to use interface that has no learning curve. So less of a project than many of the other options discussed here. It’ll work out of the box.
Could always whitebox it with Debian, nftables, dnsmasq, hostapd, etc. on an old mini PC if it has two NICs…
I’d replace Debian with openbsd. That’s my go to solution for labs at work.
At home I use a ubiquity thingy (the round box) as I used ubiquity at my previous work. It’s utter shit and the UI goes dead a few days after each hard reset. But it works and I use Tailscale for connecting to stuff at home, so no need to replace it yetOr run x86 OpenWRT of you want a nice UI. Works wonderfully. It lacks A/B boot but it’s fairly easy to implement on your own
GL-Inet AX1800
OpenWRT, accessible via the advanced (LUCI) interface. You can define a bunch of SSID’s including guest networks and/or bind them to VLAN’s
You could go pfsense and add a wireless card.
I absolutely love my Synology router and access points. You can start with one and then if needed just add others for a mesh network. The RT6600ax has all of the features that you’re looking for. My .02.
I’ve run Synology since they got into the router game and I unfortunately I cannot recommend them. I adore their NASes and they are rock solid but the routers aren’t tested properly in my opinion. I live in a VERY Wi-Fi contested area and it really affects their hand-off between nodes in their mesh, which means a device often stays connected to the wrong node up to a point where there’s simply no connection. I thought it was a 1st gen problem but after upgrading to their 2nd gen systems it hasn’t solved the problem.
I’m moving to another router/mesh system now, which I’ve tested and it works considerably better.
Ah interesting. Ya I don’t have very many other networks to compete against so I have no experience with that.
Acronyms, initialisms, abbreviations, contractions, and other phrases which expand to something larger, that I’ve seen in this thread:
Fewer Letters More Letters AP WiFi Access Point DNS Domain Name Service/System HTTP Hypertext Transfer Protocol, the Web PiHole Network-wide ad-blocker (DNS sinkhole) VPN Virtual Private Network nginx Popular HTTP server
5 acronyms in this thread; the most compressed thread commented on today has 6 acronyms.
[Thread #58 for this sub, first seen 17th Aug 2023, 18:05] [FAQ] [Full list] [Contact] [Source code]
